Make Your Logs Work for You

The days of logging in to servers and manually viewing log files are over. SolarWinds® Papertrail™ aggregates logs from applications, devices, and platforms to a central location.

View Technology Info


Troubleshoot Fast and Enjoy It

SolarWinds® Papertrail™ provides cloud-based log management that seamlessly aggregates logs from applications, servers, network devices, services, platforms, and much more.

View Capabilities Info


Aggregate and Search Any Log

SolarWinds® Papertrail™ provides lightning-fast search, live tail, flexible system groups, team-wide access, and integration with popular communications platforms like PagerDuty and Slack to help you quickly track down customer problems, debug app requests, or troubleshoot slow database queries.

View Languages Info


TBD - APM Integration Title

TBD - APM Integration Description

TBD Link

APM Integration Feature List

TBD - Built for Collaboration Title

TBD - Built for Collaboration Description

TBD Link

Built for Collaboration Feature List

Collect Logs: Apps & Services > Windows


To configure remote syslog from Windows and send log files and event logs from all Windows variants, we recommend nxlog. In case nxlog will not run on your machine, Eventlog-to-Syslog can be installed on the machine.

Windows events can also be sent using the SolarWinds Snap Agent. See Using the SolarWinds SnapAgent.



  1. Download the latest version using the link at the Windows downloads page.
  2. Double click the downloaded MSI.
  3. Follow the on-screen prompts.

Basic Configuration

  1. Find your nxlog installation location, usually C:\Program Files (x86)\nxlog, or on 32 bit platforms, C:\Program Files\nxlog.
  2. Download to the cert directory.
  3. Open nxlog.conf in the conf directory.
  4. Replace the contents with this template.
  5. Replace and XXXXX with the details shown under log destinations.
  6. (Optional) uncomment and modify File 'C:\\path\\to\\*.log' to send the contents of a local log file. Note that the exact syntax of the filename is critical: use double backslashes and single quotes, or consult the nxlog documentation for options.
  7. Restart the nxlog service.

For multiple log files in different directories, add more <Input watchfileN> blocks and include them in Route 1 near the bottom of the example config. The commented out <Input watchfile2> block illustrates this process.

Encrypted Logging using TCP+TLS (optional)

Deprecated. No additional steps are needed when starting from the latest config template, as it encrypts logs by default. If your config still uses Module om_udp under syslogout, consider following the instructions above to reconfigure nxlog using the latest config template.

If that’s not possible, the instructions below will enable encrypted logging for older config templates.

  1. Download to the cert directory under your nxlog installation location.
  2. Add define CERTDIR %ROOT%\cert to the top of the file, near the other define statements.
  3. In the syslogout block, replace Module om_udp with Module om_ssl and add two lines:
CAFile %CERTDIR%/papertrail-bundle.pem2
AllowUntrusted FALSE

4. Restart the nxlog service.



In case nxlog will not run on your machine, Eventlog-to-Syslog can be installed and configured using the instructions below.


Download or from Google Code. As of this writing, the current version is 4.5.1.

Download the regular build, not the Large Packet build. The Large Packet build changes the maximum packet size from 1500 bytes to 4096 bytes. The largest packet (MTU) on the Internet is 1500 bytes, so the regular build is required.


Extract the .zip file. Copy the 2 extracted files to C:\Windows\System32 (or your system’s equivalent directory).


  1. Start a DOS Prompt as a local administrator: Start > right-click on DOS Prompt > Run as Administrator.
  2. Navigate to C:\Windows\System32.
  3. Run evtsys.exe to install the service, providing the destination host and port from Papertrail’s Add Systems page. For example:
> evtsys.exe -i -h -p XXXXX

Change the logsN and XXXXX arguments to match your Papertrail log destination.

This will start the eventlog to syslog relay. Subsequent Windows events should appear in Papertrail within 5 seconds.

Here are the full arguments and the readme.


To uninstall the service, run with -u, like:

> evtsys.exe -u -h -p XXXXX

Change the logsN and XXXXX arguments to match your Papertrail log destination.

In addition to the Services control panel, the service can be controlled with:

> net start evtsys
> net stop evtsys

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.